Monday, May 7, 2018

Creating a good target-specific password list is very hard. Collecting tools to brute force a website admin panel or a wifi access point is the easy part; guessing the most probable words that the target might use is the hardest step. In this article, we're going to demonstrate a tool called Dymerge that we used recently, which can generate a wordlist with the most probable keyword combinations.

A little about the Dymerge tool:

Dymerge is a Python script created by GitHub contributor Nikolas Kamarinakis (k4m4). The name stands for Dynamic Dictionary Merger. It can be used as ammunition for a successful dictionary-based attack. This is really a very cool script. It merges many wordlists to make one powerful wordlist.

Configure Dymerge in Kali Linux:

Step 1:

First, open up the terminal in your Kali Linux machine and download/clone the tool from GitHub from the link given below.

https://github.com/k4m4/dymerge.git

If you specified a directory to save to, change into that directory; if you didn't, it will be saved in the root directory. Now change into the directory by giving the command:

cd /root/dymerge

or type cd, drag the folder to the terminal and hit enter. Now type ls to list the contents of the folder. Here you will see a script named dymerge.py. Load the script by giving the command:

python dymerge.py -h

The -h option will show the parameters that you can use. If you don't have Python installed on your machine the script will not load. To install Python, open another terminal and type:

apt-get install python

So here we successfully loaded the dymerge help file. The parameters seem very simple but very powerful.

Step 2:

Now we have to find and download wordlists that can be merged using the dymerge script. A website called skullsecurity has a wiki of passwords. You can download leaked password lists in different categories from the wiki of skullsecurity.com. These are very cool collections. These are probably the best collections.

We downloaded the elitehacker.txt.bz2, facebook-phished.txt.bz2 and facebook-pastebay.txt.bz2 files from the wiki. These are bzip2-compressed files, so we need to extract them before using them. To extract a file in the terminal, go to the location where the file is. In our case, we moved the files from downloads to the desktop. To extract it, just give the command:

bzip2 -d elitehacker.txt.bz2

The files extracted successfully and now we have elitehacker.txt, facebook-phished.txt and facebook-pastebay.txt. If you open a text file you will see raw data. So we're going to merge them all together to create a super wordlist.

Step 3:

We saved all wordlists in a folder named wordlists on the desktop so that we can call them easily. Now run the command:

python dymerge.py /root/desktop/wordlists/elitehacker.txt /root/desktop/wordlists/facebook-phished.txt /root/desktop/wordlists/facebook-pastebay.txt -s -u -o wordlist.txt -z bz2
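
What a merge like the one above does to its inputs, as an added example that is not Dymerge's own code: several lists are combined, duplicates are dropped, the result is sorted and written as a bz2 file. The function names and sample lists are constructed for illustration, and reading -s and -u as "sort" and "unique" is an assumption.

```python
import bz2
import os
import tempfile


def read_words(path):
    """Yield non-empty entries from a plain or .bz2 wordlist."""
    opener = bz2.open if path.endswith(".bz2") else open
    with opener(path, "rb") as fh:
        for raw in fh:
            # Leaked lists mix encodings; latin-1 never fails and keeps every byte.
            word = raw.rstrip(b"\r\n").decode("latin-1")
            if word:
                yield word


def merge_wordlists(paths, out_path, sort=True, unique=True):
    """Merge wordlists into a bz2 file; returns the number of entries written."""
    words = [w for p in paths for w in read_words(p)]
    if unique:
        words = list(dict.fromkeys(words))  # drop duplicates, keep first-seen order
    if sort:
        words.sort()
    with bz2.open(out_path, "wt", encoding="latin-1", newline="\n") as out:
        out.writelines(w + "\n" for w in words)
    return len(words)


def demo():
    """Run the merge over two small constructed lists in a temp directory."""
    tmp = tempfile.mkdtemp()
    a = os.path.join(tmp, "list-a.txt")
    b = os.path.join(tmp, "list-b.txt.bz2")
    with open(a, "wb") as fh:
        fh.write(b"password\r\nqwerty\n\n123456\n")        # CRLF ending and a blank line
    with bz2.open(b, "wb") as fh:
        fh.write(b"123456\nletmein\npassword\ncaf\xe9\n")  # overlaps list A, one non-UTF-8 byte
    out = os.path.join(tmp, "wordlist.txt.bz2")
    count = merge_wordlists([a, b], out)
    return count, list(read_words(out))


if __name__ == "__main__":
    print(demo())
```

Seven input lines collapse to five entries here; with real leaked lists the overlap between sources is what keeps the merged file smaller than the sum of its inputs.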

The dymerge command will start merging the words and removing the duplicate words. The result will be saved as wordlist.txt.bz2 in the dymerge folder in the root directory. It will be a very large file, around 20-50 MB, and it will take some time to get extracted.

Have a happy hacking journey and stay in touch with us. Good luck.